我在尝试将 java 库 (jar) 发布到 AWS CodeArtifact Maven 存储库时遇到问题。当我尝试发布它时,我得到 HTTP 状态代码 401(未经授权)。这表明我做错了什么,比如缺少 CODEARTIFACT_AUTH_TOKEN 环境变量,或者使用了错误的 aws 凭证/配置文件等。但是 AWS CodeArtifact 非常简单:我们只需要:
- 生成一个新的 CODEARTIFACT_AUTH_TOKEN 并将其设置为环境变量,
- 使用 username=aws 和 password=${env.CODEARTIFACT_AUTH_TOKEN} 更新我们的本地 Maven .m2/settings.xml 以指向 AWS CodeArtifact 服务器
- 确保我们从有权访问 AWS CodeArtifact 域和 Maven 存储库的帐户生成该令牌(如果我们无论如何都无权访问,则会出错)。
...超级简单。然而,当我尝试使用我的设置“mvn deploy-file”时,我得到 401 Unauthorized ......请参阅下面的完整设置:
我通过 Cloudformation 模板设置了 AWS CodeArtifact 域和 Maven 存储库(如果需要,请忽略 NPM 和上游存储库):
AWSTemplateFormatVersion: "2010-09-09"
Description: CodeArtifact Domain, Maven repo, NPM repo, and upsteam repos
Resources:
CodeArtifactDomain:
Type: AWS::CodeArtifact::Domain
Properties:
DomainName: mydomain
PermissionsPolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- codeartifact:CreateRepository
- codeartifact:DescribeDomain
- codeartifact:GetAuthorizationToken
- codeartifact:GetDomainPermissionsPolicy
- codeartifact:ListRepositoriesInDomain
- sts:GetServiceBearerToken
- codeartifact:DescribePackageVersion
- codeartifact:DescribeRepository
- codeartifact:GetPackageVersionReadme
- codeartifact:GetRepositoryEndpoint
- codeartifact:ListPackageVersionAssets
- codeartifact:ListPackageVersionDependencies
- codeartifact:ListPackageVersions
- codeartifact:ListPackages
- codeartifact:ReadFromRepository
- codeartifact:PublishPackageVersion
- codeartifact:PutPackageMetadata
Effect: Allow
Principal:
AWS:
- "arn:aws:iam::123456788904:root"
- "arn:aws:iam::123456789098:root"
- "arn:aws:iam::123456789087:root"
Resource: "*"
Tags:
- Key: Name
Value: CodeArtifact Domain
ArtifactUpstreamRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:maven-central
ArtifactRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-repo
Description: Maven CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryMaven.Name
Tags:
- Key: Name
Value: Maven CodeArtifact Repository
ArtifactUpstreamRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:npmjs
ArtifactRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-repo
Description: NPM CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryNPM.Name
Tags:
- Key: Name
Value: NPM CodeArtifact Repository
Outputs:
CodeArtifactDomain:
Description: The CodeArtifact Domain
Value: !Ref CodeArtifactDomain
Export:
Name: CodeArtifactDomain
我运行了上面的 cloudformation 模板并确认它已成功完成,然后导航到 CodeArtifact 以检查 CodeArtifact 域和存储库是否已成功创建(它们是)。然后我查找了我的存储库的连接说明。使用这些连接说明,我首先剪切并粘贴第一个:
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain mydomain --domain-owner <MY_ACCOUNT_NUMBER --query authorizationToken --output text`
然后我在 ~/.m2/settings.xml 中设置我的 Maven 设置,并将所有设置显示在我的存储库的连接说明(在 AWS 控制台中)中:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<servers>
<server>
<id>mydomain-maven-repo</id>
<username>aws</username>
<password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
</server>
</servers>
<profiles>
<profile>
<id>mydomain-maven-repo</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>mydomain-maven-repo</id>
<url>https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/</url>
</repository>
</repositories>
</profile>
</profiles>
</settings>
最后,我尝试 mvn:deploy 我的一个库到 AWS CodeArtifact maven repo:
mvn deploy:deploy-file \
-DgroupId=com.myorg \
-DartifactId=my-client_2.12 \
-Dversion=1.0.1-play28 \
-Dfile=./my-client_2.12-1.0.1-play28.jar \
-Dsources=./my-client_2.12-1.0.1-play28-sources.jar \
-Djavadoc=./my-client_2.12-1.0.1-play28-javadoc.jar \
-Dpackaging=jar \
-DrepositoryId=maven-repo \
-Durl=https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/
我得到这个错误:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.319 s
[INFO] Finished at: 2021-09-27T15:10:56-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact my-client_2.12:jar:1.0.1-play28 from/to maven-repo (https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/): Transfer failed for https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar 401 Unauthorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
我可以通过运行确认我在 ~/.aws/credentials 中使用了正确的凭据
aws sts get-caller-identity
我也确认我
- 拥有最新的 mvn 可执行文件
- 将 M2_HOME 设置为指向我的 ~/.m2
- 获得最近的令牌(不超过 12 小时)
我不知道为什么当我 mvn deploy-file 时我得到 401 未经授权...有什么想法吗?